Infected by winspyware...
Solved
davisss
Posts
23
Status
Member
-
Le sioux Posts 4907 Status Security contributor -
Hello,
for a few days now I have been having problems with winspyware... I looked at the other messages discussing the same subject and I downloaded smitfraudfix as you had suggested
I then carried out the first step and I don't know what to do next... here is the report it produced!
SmitFraudFix v2.324
Rapport fait à 18:08:24,93, 2008-06-13
Executé à partir de C:\Documents and Settings\Dave Ouellet\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dave Ouellet\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave Ouellet
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave Ouellet\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVEOU~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Generic Marvell Yukon Chipset based Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 142.169.1.16
DNS Server Search Order: 199.84.242.22
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A43A117D-87F4-4752-9307-50BB2C865906}: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A43A117D-87F4-4752-9307-50BB2C865906}: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A43A117D-87F4-4752-9307-50BB2C865906}: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=142.169.1.16 199.84.242.22
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
40 replies
Good evening Davisss
You can delete SmitFraudFix, it did not detect anything (also delete its Zip if you downloaded the zipped version) and empty your recycle bin.
(For information, it should be placed at the root of the C drive and not on the Desktop)
Then start by sending me a HijackThis report; do the following:
Download hijackthis to your Desktop.
Close all other windows and all other programs. No Internet connection.
Double-click it to launch the installation. Accept the licence that appears with "I agree".
Then click "Do a system scan and save a logfile"
Close HijackThis, copy and paste the entire report and post it here in reply.
Note: the HijackThis.txt report is located in C:\Program Files\Trend Micro\HijackThis
Tutorial: "Generate a report" http://pageperso.aol.fr/balltrap34/demohijack.htm
To be continued.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:38, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Prince of Persia Les Sables du Temps\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Tom Clancy's Rainbow Six Vegas.LNK = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Register\RegistrationReminder.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Re
I need a bit more information on where WinSpywareProtect is located (especially in the registry):
OAD by !aur3n7
Download OAD by !aur3n7
http://sosvirus.changelog.fr/OAD.exe
- Save it to your Desktop
Double-click OAD to launch it
- File name to search for: type or copy-paste: WinSpywareProtect
- Search type: select option 6, then confirm with [Enter]
OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.
- Copy and paste this report into your next post.
Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.
To be continued
2008-06-13 ---- 23:14:18,73
----------------------------------
§§§§§§ [WinSpywareProtect] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TacOnlyOne]
"WinSpywareProtect"=dword:00010272
"UserAgentList"="AcedInetService\\acad.exe|acHTTP component\\WinSpywareProtect.exe|Adclient Massive Inc./3.3.0.22\\GH3.exe|Adobe Flash Update 9,0,28,0\\NPSWF32_FlashUtil.exe|Autodesk Content Browser 2008\\AecCB.exe|Azureus 3.0.4.2;Windows XP;Java 1.5.0_11\\Azureus.exe|Azureus 3.0.4.2\\Azureus.exe|Client\\IEXPLORE.EXE|DA 7.0\\DAP.EXE|DAP\\DAP.EXE|DigitAl56K/6.2.5.7\\DivXCodecUpdateChecker.exe|Download Agent\\IEXPLORE.EXE|Download\\IEXPLORE.EXE|ESDConnector\\AdobeUpdater.exe|Full Tilt Poker\\FullTiltPoker.exe|GameBox\\TmForever.exe|GameBox\\TmForeverLauncher.exe|Gamespy_Arcade\\Aphex.exe|GameSpyHTTP/1.0\\Aphex.exe|GameSpyHTTP/1.0\\FEARMP.exe|GoogleEarth/4.3.7204.0836\\GoogleEarth.exe|HP Lookup Agent\\HPWUCli.exe|hprbUpdate\\hprbUpdate.exe|HPSU3\\HPWUCli.exe|IncrediMail 5.0\\IMApp.exe|Installer\\setup_258_5022_[1].exe|InternetUtil\\HPWUCli.exe|iTunes/7.1.1\\iTunes.exe|Java/1.5.0_11\\Azureus.exe|LegitCheck\\firefox.exe|LimeWire/4.16.1\\LimeWire.exe|Messenger Stats Client\\msnmsgr.exe|Microsoft BITS/6.6\\svchost.exe|Microsoft 
Office/11.0\\WINWORD.EXE|Microsoft-CryptoAPI/5.131.2600.2180\\acad.exe|Microsoft-CryptoAPI/5.131.2600.2180\\dxsetup.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Game.exe|Microsoft-CryptoAPI/5.131.2600.2180\\IEXPLORE.EXE|Microsoft-CryptoAPI/5.131.2600.2180\\launcher.exe|Microsoft-CryptoAPI/5.131.2600.2180\\mscorsvw.exe|Microsoft-CryptoAPI/5.131.2600.2180\\MsiExec.exe|Microsoft-CryptoAPI/5.131.2600.2180\\msnmsgr.exe|Microsoft-CryptoAPI/5.131.2600.2180\\nicmgr.exe|Microsoft-CryptoAPI/5.131.2600.2180\\R6Vegas_Launcher.exe|Microsoft-CryptoAPI/5.131.2600.2180\\rundll32.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Setup.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Sims2.exe|Microsoft-CryptoAPI/5.131.2600.2180\\SoftwareUpdate.exe|Microsoft-CryptoAPI/5.131.2600.2180\\TmForever.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WgaTray.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WLLoginProxy.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WLSetupSvc.exe|Mozilla/3.0\\AcroRd32.exe|Mozilla/3.0\\WinSpywareProtect.exe|Mozilla/4.0\\acad.exe|Mozilla/4.0\\AecCB.exe|Mozilla/4.0\\Aphex.exe|Mozilla/4.0\\Azureus.exe|Mozilla/4.0\\casino.exe|Mozilla/4.0\\DAP.EXE|Mozilla/4.0\\DAPTraceCleaner.exe|Mozilla/4.0\\dxwsetup.exe|Mozilla/4.0\\EXCEL.EXE|Mozilla/4.0\\firefox.exe|Mozilla/4.0\\GoogleEarth.exe|Mozilla/4.0\\IEXPLORE.EXE|Mozilla/4.0\\IMApp.exe|Mozilla/4.0\\ImpCnt.exe|Mozilla/4.0\\IncMail.exe|Mozilla/4.0\\IsoBuster.exe|Mozilla/4.0\\LimeWire.exe|Mozilla/4.0\\msnmsgr.exe|Mozilla/4.0\\SoftwareUpdate.exe|Mozilla/4.0\\svchost.exe|Mozilla/4.0\\TexasCalc.exe|Mozilla/4.0\\WINWORD.EXE|Mozilla/4.0\\wmplayer.exe|Mozilla/5.0\\firefox.exe|MSDW\\dwwin.exe|MSDW\\wmplayer.exe|MSMSGS\\msmsgs.exe|NOD32 Update\\nod32krn.exe|NSPlayer/11.0.5721.5145 WMFSDK/11.0\\firefox.exe|NSPlayer/11.0.5721.5145\\firefox.exe|NSPlayer/11.0.5721.5145\\IEXPLORE.EXE|Outlook-Express/7.0\\wlmail.exe|Playtech Downloader\\casino.exe|QuickTime/7.4.1\\QuickTimePlayer.exe|SendHTTP\\MRT.exe|Shockwave Flash\\firefox.exe|Shockwave 
Flash\\IEXPLORE.EXE|SRL\\firefox.exe|TCValidator\\TexasCalc.exe|Travel Update\\IEXPLORE.EXE|Updater\\Updater.exe|VCSoapClient\\HPWUCli.exe|WebUpdate\\WebUpdate.exe|Windows-Media-DRM/11.0.5721.5145\\nero.exe|Windows-Media-DRM/11.0.5721.5145\\wmplayer.exe|Windows-Media-Player/11.0.5721.5230\\firefox.exe|Windows-Media-Player/11.0.5721.5230\\IEXPLORE.EXE|Windows-Media-Player/11.0.5721.5230\\wmplayer.exe|Windows-Update-Agent\\svchost.exe"
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect\5.1]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect\5.1\config]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect"="\"C:\\Documents and Settings\\All Users\\Application Data\\Adsl Software Limited\\WinSpywareProtect\\WinSpywareProtect.exe\" /autorun"
*******************
[Fichier]
*******************
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
*********************
[Même date]
*********************
[2008-06-12 ] ---> C:\WINDOWS\KB888111Uninst.log
[2008-06-12 ] ---> C:\WINDOWS\KB950759-IE7.log
[2008-06-12 ] ---> C:\WINDOWS\KB950760.log
[2008-06-12 ] ---> C:\WINDOWS\KB950762.log
[2008-06-12 ] ---> C:\WINDOWS\KB951376.log
[2008-06-12 ] ---> C:\WINDOWS\system32\spupdsvc.inf
[Répertoire ] --- REP ---> C:\Program Files\Files
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Re
You're not very talkative ...
To follow the procedure correctly, I advise you to save the page in HTML format so you can apply the procedure properly. To do so:
* With Firefox
- click the File menu (top left), then choose Save As...
- in the Save As dialog box, for the "Save in" field (at the top), click the arrow of the drop-down list and choose Desktop; for the "Save as type" field, leave Web Page, complete; for the "File name" field, enter Discussion en cours; finish by clicking Save
* With Internet Explorer 7, press the Alt key to bring up the menu and follow the same instructions as with Firefox.
To display the page (after restarting), double-click "Discussion en cours.htm" on the Desktop.
(Note: you will not have Internet access from the moment you restart in safe mode)
You must carry out all the steps, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.
1) Creating Fix.reg
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TacOnlyOne]
"WinSpywareProtect"=-
[-HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect]
[-HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect"=-
Then "File" / "Save As":
in: the Desktop
File name: Fix.reg
Save as type: "All Files"
click "Save"
Note:
* When saving, you must choose "All Files" for the "Save as type" field
* Make sure that REGEDIT4 is on the very first line
Don't touch it for now
2) Download
Download OTMoveIt2 (by Old_Timer) to your Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Don't touch it for now.
3) Restart in safe mode
Look here first if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will need to choose your usual session, not the "Administrator" account or another one.
Open the HTML file saved on the Desktop in order to follow the instructions properly.
4) Using Fix.reg
Double-click Fix.reg (which you created on your Desktop)
=> you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"
5) OTMoveIt (by Old_Timer)
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane (blue in colour) of OTMoveIt:
Paste standard List of Files/Folders to be moved.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
6) Reports
Restart your PC in normal mode, then post in reply:
* The OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date and time)
* A new HijackThis report.
To be continued
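As an added example (not part of the original post, and not code from any tool named in this thread): a small Python reviewer that parses a REGEDIT4 file such as the Fix.reg above and lists what importing it would delete, so the deletions can be checked against the entries the OAD report found. The function names, the marker list and the second, deliberately too-broad sample file are assumptions made for illustration.

```python
import re

# Fix.reg exactly as posted in the thread.
FIX_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TacOnlyOne]
"WinSpywareProtect"=-
[-HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect]
[-HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect"=-
"""

# Constructed counter-example (not from the thread): removes the whole Run key
# and writes a value, which a clean-up script for one program should never do.
BROAD_REG = r"""REGEDIT4
[-HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Adsl Software Limited]
"Installed"="1"
"""

# Names taken from the OAD report in the thread; assumed to identify the rogue.
MARKERS = ("WinSpywareProtect", "Adsl Software Limited")

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def plan_reg(text):
    """Return the operations a .reg file performs as (action, key, value_name).

    action is delete_key ("[-KEY]"), delete_value ('"name"=-') or set_value.
    """
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("the .reg header must be on the very first line")
    ops, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1) == "-":
                ops.append(("delete_key", m.group(2), None))
                key = None               # nothing may follow under a deleted key
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"line needs manual review: {raw!r}")
        name = "" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, key, name))
    return ops


def out_of_scope(ops, markers=MARKERS):
    """Operations a reviewer should question before importing the file:
    any write, and any deletion whose target does not name the rogue."""
    flagged = []
    for action, key, name in ops:
        target = key.rsplit("\\", 1)[-1] if action == "delete_key" else name
        named = any(m.lower() in target.lower() for m in markers)
        if action == "set_value" or not named:
            flagged.append((action, key, name))
    return flagged


if __name__ == "__main__":
    for label, text in (("Fix.reg", FIX_REG), ("constructed broad file", BROAD_REG)):
        ops = plan_reg(text)
        print(label)
        for op in ops:
            print("   ", *op)
        print("    to question:", out_of_scope(ops) or "nothing")
```

Run against the posted Fix.reg it reports two value deletions and two key deletions, all naming WinSpywareProtect or its vendor folder; the constructed file is flagged because it removes the entire Run key and writes a value.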
haha not talkative..... that's the first time anyone has told me that! hehe
I just thought the message was already pretty long with the report... and I was doing something else at the same time
j'trouvais juste que déjà la, le message était pas mal long avec le rapport...et j'faisais autre chose en même temps
2008-06-13 ---- 23:14:18,73
----------------------------------
§§§§§§ [WinSpywareProtect] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TacOnlyOne]
"WinSpywareProtect"=dword:00010272
"UserAgentList"="AcedInetService\\acad.exe|acHTTP component\\WinSpywareProtect.exe|Adclient Massive Inc./3.3.0.22\\GH3.exe|Adobe Flash Update 9,0,28,0\\NPSWF32_FlashUtil.exe|Autodesk Content Browser 2008\\AecCB.exe|Azureus 3.0.4.2;Windows XP;Java 1.5.0_11\\Azureus.exe|Azureus 3.0.4.2\\Azureus.exe|Client\\IEXPLORE.EXE|DA 7.0\\DAP.EXE|DAP\\DAP.EXE|DigitAl56K/6.2.5.7\\DivXCodecUpdateChecker.exe|Download Agent\\IEXPLORE.EXE|Download\\IEXPLORE.EXE|ESDConnector\\AdobeUpdater.exe|Full Tilt Poker\\FullTiltPoker.exe|GameBox\\TmForever.exe|GameBox\\TmForeverLauncher.exe|Gamespy_Arcade\\Aphex.exe|GameSpyHTTP/1.0\\Aphex.exe|GameSpyHTTP/1.0\\FEARMP.exe|GoogleEarth/4.3.7204.0836\\GoogleEarth.exe|HP Lookup Agent\\HPWUCli.exe|hprbUpdate\\hprbUpdate.exe|HPSU3\\HPWUCli.exe|IncrediMail 5.0\\IMApp.exe|Installer\\setup_258_5022_[1].exe|InternetUtil\\HPWUCli.exe|iTunes/7.1.1\\iTunes.exe|Java/1.5.0_11\\Azureus.exe|LegitCheck\\firefox.exe|LimeWire/4.16.1\\LimeWire.exe|Messenger Stats Client\\msnmsgr.exe|Microsoft BITS/6.6\\svchost.exe|Microsoft 
Office/11.0\\WINWORD.EXE|Microsoft-CryptoAPI/5.131.2600.2180\\acad.exe|Microsoft-CryptoAPI/5.131.2600.2180\\dxsetup.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Game.exe|Microsoft-CryptoAPI/5.131.2600.2180\\IEXPLORE.EXE|Microsoft-CryptoAPI/5.131.2600.2180\\launcher.exe|Microsoft-CryptoAPI/5.131.2600.2180\\mscorsvw.exe|Microsoft-CryptoAPI/5.131.2600.2180\\MsiExec.exe|Microsoft-CryptoAPI/5.131.2600.2180\\msnmsgr.exe|Microsoft-CryptoAPI/5.131.2600.2180\\nicmgr.exe|Microsoft-CryptoAPI/5.131.2600.2180\\R6Vegas_Launcher.exe|Microsoft-CryptoAPI/5.131.2600.2180\\rundll32.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Setup.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Sims2.exe|Microsoft-CryptoAPI/5.131.2600.2180\\SoftwareUpdate.exe|Microsoft-CryptoAPI/5.131.2600.2180\\TmForever.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WgaTray.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WLLoginProxy.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WLSetupSvc.exe|Mozilla/3.0\\AcroRd32.exe|Mozilla/3.0\\WinSpywareProtect.exe|Mozilla/4.0\\acad.exe|Mozilla/4.0\\AecCB.exe|Mozilla/4.0\\Aphex.exe|Mozilla/4.0\\Azureus.exe|Mozilla/4.0\\casino.exe|Mozilla/4.0\\DAP.EXE|Mozilla/4.0\\DAPTraceCleaner.exe|Mozilla/4.0\\dxwsetup.exe|Mozilla/4.0\\EXCEL.EXE|Mozilla/4.0\\firefox.exe|Mozilla/4.0\\GoogleEarth.exe|Mozilla/4.0\\IEXPLORE.EXE|Mozilla/4.0\\IMApp.exe|Mozilla/4.0\\ImpCnt.exe|Mozilla/4.0\\IncMail.exe|Mozilla/4.0\\IsoBuster.exe|Mozilla/4.0\\LimeWire.exe|Mozilla/4.0\\msnmsgr.exe|Mozilla/4.0\\SoftwareUpdate.exe|Mozilla/4.0\\svchost.exe|Mozilla/4.0\\TexasCalc.exe|Mozilla/4.0\\WINWORD.EXE|Mozilla/4.0\\wmplayer.exe|Mozilla/5.0\\firefox.exe|MSDW\\dwwin.exe|MSDW\\wmplayer.exe|MSMSGS\\msmsgs.exe|NOD32 Update\\nod32krn.exe|NSPlayer/11.0.5721.5145 WMFSDK/11.0\\firefox.exe|NSPlayer/11.0.5721.5145\\firefox.exe|NSPlayer/11.0.5721.5145\\IEXPLORE.EXE|Outlook-Express/7.0\\wlmail.exe|Playtech Downloader\\casino.exe|QuickTime/7.4.1\\QuickTimePlayer.exe|SendHTTP\\MRT.exe|Shockwave Flash\\firefox.exe|Shockwave 
Flash\\IEXPLORE.EXE|SRL\\firefox.exe|TCValidator\\TexasCalc.exe|Travel Update\\IEXPLORE.EXE|Updater\\Updater.exe|VCSoapClient\\HPWUCli.exe|WebUpdate\\WebUpdate.exe|Windows-Media-DRM/11.0.5721.5145\\nero.exe|Windows-Media-DRM/11.0.5721.5145\\wmplayer.exe|Windows-Media-Player/11.0.5721.5230\\firefox.exe|Windows-Media-Player/11.0.5721.5230\\IEXPLORE.EXE|Windows-Media-Player/11.0.5721.5230\\wmplayer.exe|Windows-Update-Agent\\svchost.exe"
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect\5.1]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect\5.1\config]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect"="\"C:\\Documents and Settings\\All Users\\Application Data\\Adsl Software Limited\\WinSpywareProtect\\WinSpywareProtect.exe\" /autorun"
*******************
[Fichier]
*******************
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
*********************
[Même date]
*********************
[2008-06-12 ] ---> C:\WINDOWS\KB888111Uninst.log
[2008-06-12 ] ---> C:\WINDOWS\KB950759-IE7.log
[2008-06-12 ] ---> C:\WINDOWS\KB950760.log
[2008-06-12 ] ---> C:\WINDOWS\KB950762.log
[2008-06-12 ] ---> C:\WINDOWS\KB951376.log
[2008-06-12 ] ---> C:\WINDOWS\system32\spupdsvc.inf
[R‚pertoire ] --- REP ---> C:\Program Files\Files
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
----------------------------------
§§§§§§ [WinSpywareProtect] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TacOnlyOne]
"WinSpywareProtect"=dword:00010272
"UserAgentList"="AcedInetService\\acad.exe|acHTTP component\\WinSpywareProtect.exe|Adclient Massive Inc./3.3.0.22\\GH3.exe|Adobe Flash Update 9,0,28,0\\NPSWF32_FlashUtil.exe|Autodesk Content Browser 2008\\AecCB.exe|Azureus 3.0.4.2;Windows XP;Java 1.5.0_11\\Azureus.exe|Azureus 3.0.4.2\\Azureus.exe|Client\\IEXPLORE.EXE|DA 7.0\\DAP.EXE|DAP\\DAP.EXE|DigitAl56K/6.2.5.7\\DivXCodecUpdateChecker.exe|Download Agent\\IEXPLORE.EXE|Download\\IEXPLORE.EXE|ESDConnector\\AdobeUpdater.exe|Full Tilt Poker\\FullTiltPoker.exe|GameBox\\TmForever.exe|GameBox\\TmForeverLauncher.exe|Gamespy_Arcade\\Aphex.exe|GameSpyHTTP/1.0\\Aphex.exe|GameSpyHTTP/1.0\\FEARMP.exe|GoogleEarth/4.3.7204.0836\\GoogleEarth.exe|HP Lookup Agent\\HPWUCli.exe|hprbUpdate\\hprbUpdate.exe|HPSU3\\HPWUCli.exe|IncrediMail 5.0\\IMApp.exe|Installer\\setup_258_5022_[1].exe|InternetUtil\\HPWUCli.exe|iTunes/7.1.1\\iTunes.exe|Java/1.5.0_11\\Azureus.exe|LegitCheck\\firefox.exe|LimeWire/4.16.1\\LimeWire.exe|Messenger Stats Client\\msnmsgr.exe|Microsoft BITS/6.6\\svchost.exe|Microsoft 
Office/11.0\\WINWORD.EXE|Microsoft-CryptoAPI/5.131.2600.2180\\acad.exe|Microsoft-CryptoAPI/5.131.2600.2180\\dxsetup.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Game.exe|Microsoft-CryptoAPI/5.131.2600.2180\\IEXPLORE.EXE|Microsoft-CryptoAPI/5.131.2600.2180\\launcher.exe|Microsoft-CryptoAPI/5.131.2600.2180\\mscorsvw.exe|Microsoft-CryptoAPI/5.131.2600.2180\\MsiExec.exe|Microsoft-CryptoAPI/5.131.2600.2180\\msnmsgr.exe|Microsoft-CryptoAPI/5.131.2600.2180\\nicmgr.exe|Microsoft-CryptoAPI/5.131.2600.2180\\R6Vegas_Launcher.exe|Microsoft-CryptoAPI/5.131.2600.2180\\rundll32.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Setup.exe|Microsoft-CryptoAPI/5.131.2600.2180\\Sims2.exe|Microsoft-CryptoAPI/5.131.2600.2180\\SoftwareUpdate.exe|Microsoft-CryptoAPI/5.131.2600.2180\\TmForever.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WgaTray.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WLLoginProxy.exe|Microsoft-CryptoAPI/5.131.2600.2180\\WLSetupSvc.exe|Mozilla/3.0\\AcroRd32.exe|Mozilla/3.0\\WinSpywareProtect.exe|Mozilla/4.0\\acad.exe|Mozilla/4.0\\AecCB.exe|Mozilla/4.0\\Aphex.exe|Mozilla/4.0\\Azureus.exe|Mozilla/4.0\\casino.exe|Mozilla/4.0\\DAP.EXE|Mozilla/4.0\\DAPTraceCleaner.exe|Mozilla/4.0\\dxwsetup.exe|Mozilla/4.0\\EXCEL.EXE|Mozilla/4.0\\firefox.exe|Mozilla/4.0\\GoogleEarth.exe|Mozilla/4.0\\IEXPLORE.EXE|Mozilla/4.0\\IMApp.exe|Mozilla/4.0\\ImpCnt.exe|Mozilla/4.0\\IncMail.exe|Mozilla/4.0\\IsoBuster.exe|Mozilla/4.0\\LimeWire.exe|Mozilla/4.0\\msnmsgr.exe|Mozilla/4.0\\SoftwareUpdate.exe|Mozilla/4.0\\svchost.exe|Mozilla/4.0\\TexasCalc.exe|Mozilla/4.0\\WINWORD.EXE|Mozilla/4.0\\wmplayer.exe|Mozilla/5.0\\firefox.exe|MSDW\\dwwin.exe|MSDW\\wmplayer.exe|MSMSGS\\msmsgs.exe|NOD32 Update\\nod32krn.exe|NSPlayer/11.0.5721.5145 WMFSDK/11.0\\firefox.exe|NSPlayer/11.0.5721.5145\\firefox.exe|NSPlayer/11.0.5721.5145\\IEXPLORE.EXE|Outlook-Express/7.0\\wlmail.exe|Playtech Downloader\\casino.exe|QuickTime/7.4.1\\QuickTimePlayer.exe|SendHTTP\\MRT.exe|Shockwave Flash\\firefox.exe|Shockwave 
Flash\\IEXPLORE.EXE|SRL\\firefox.exe|TCValidator\\TexasCalc.exe|Travel Update\\IEXPLORE.EXE|Updater\\Updater.exe|VCSoapClient\\HPWUCli.exe|WebUpdate\\WebUpdate.exe|Windows-Media-DRM/11.0.5721.5145\\nero.exe|Windows-Media-DRM/11.0.5721.5145\\wmplayer.exe|Windows-Media-Player/11.0.5721.5230\\firefox.exe|Windows-Media-Player/11.0.5721.5230\\IEXPLORE.EXE|Windows-Media-Player/11.0.5721.5230\\wmplayer.exe|Windows-Update-Agent\\svchost.exe"
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect\5.1]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Adsl Software Limited\WinSpywareProtect\5.1\config]
[HKEY_USERS\S-1-5-21-712103963-4012156083-2389529387-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect"="\"C:\\Documents and Settings\\All Users\\Application Data\\Adsl Software Limited\\WinSpywareProtect\\WinSpywareProtect.exe\" /autorun"
*******************
[Fichier]
*******************
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
*********************
[Même date]
*********************
[2008-06-12 ] ---> C:\WINDOWS\KB888111Uninst.log
[2008-06-12 ] ---> C:\WINDOWS\KB950759-IE7.log
[2008-06-12 ] ---> C:\WINDOWS\KB950760.log
[2008-06-12 ] ---> C:\WINDOWS\KB950762.log
[2008-06-12 ] ---> C:\WINDOWS\KB951376.log
[2008-06-12 ] ---> C:\WINDOWS\system32\spupdsvc.inf
[Répertoire ] --- REP ---> C:\Program Files\Files
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Re
haha, not talkative..... that's the first time anyone has told me that! hehe OK, lol ...!
I left you a message here: http://www.commentcamarche.net/forum/affich 6886584 infecte par winspyware#5
Good luck
See you later (in the afternoon or evening, I'm off to bed)
Re
If you haven't started the procedure yet, could you please do this:
Create a new text document: right-click on the Desktop, "New" > "Text Document". Open it and copy-paste the following quoted lines into it:
dir "%ALLUSERSAPPDATA%\Adsl Software Limited" /s > list.txt
notepad list.txt
del list.txt
In the "File" / "Save As" menu, select:
"File name": list.bat
"Save as type": "All files"
Then click "Save".
Double-click it; Notepad opens after a few moments.
Copy and post its contents.
Thanks.
See you soon.
No, I don't think I'll start before tomorrow morning hehe.... I still have about 30 minutes of things to do and then I'm off to bed too!
bye..
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est 9C96-951F
Répertoire de C:\Documents and Settings\All Users\Application Data
2008-06-12 06:11 <REP> Adsl Software Limited
0 fichier(s) 0 octets
Total des fichiers listés :
0 fichier(s) 0 octets
1 Rép(s) 54 069 555 200 octets libres
Something new appeared 2 seconds ago.... it's the first time this has happened...
Good evening again, I finally decided to look at this right away... here are the reports!
The OTMoveIt report
File/Folder not found.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe moved successfully.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED moved successfully.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG moved successfully.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED moved successfully.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE moved successfully.
c:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_002444
A new HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:32:32, on 2008-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Prince of Persia Les Sables du Temps\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Tom Clancy's Rainbow Six Vegas.LNK = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Register\RegistrationReminder.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hello Davisss
Two new lines have appeared that I don't like:
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
What else did you do in the meantime ...
First of all:
MSNFix.zip by !aur3n7
Download MSNFix.zip by !aur3n7 to your Desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
-- press a key to start the cleanup, then press Enter
-- If the infection is detected, run option N.
-- Save this report, then post a copy/paste of it on the forum, along with a new HijackThis report.
The report will be saved in the same folder as MSNFix, named in the form date_time.txt
Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.
Tutorial: https://www.malekal.com/supprimer-virus-desinfecter-pc/
Then:
To follow the procedure correctly, I advise you to save the page by selecting all the lines and then copying that selection into a text file on your PC, so that you can apply the procedure correctly.
(Note: you will not have Internet access once you restart in safe mode)
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting the disinfection.
1) Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your Desktop.
Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\)
Don't touch it for now.
2) Restart in safe mode
If needed, look here first: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You must choose your usual session, not the "Administrator" account or any other.
Open the text file saved on the Desktop so you can follow the instructions properly.
3) SDFix
* Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* Once the Desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
4) Reports:
Post a new HijackThis report and the SDFix report in reply.
To be continued
Two new lines have appeared that I don't like:
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
What else have you done in the meantime ...
First of all:
MSNFix.zip by !aur3n7
Download MSNFix.zip by !aur3n7 to your Desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
-- Press a key to start the cleanup, then hit Enter.
-- If the infection is detected, run option N.
-- Save this report, then post a copy/paste of it on the forum, along with a new HijackThis report.
The report will be saved in the same folder as MSNFix, in the form date_heure.txt (date_time).
Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.
Tutorial: https://www.malekal.com/supprimer-virus-desinfecter-pc/
Then:
To follow the procedure correctly, I advise you to save this page by selecting all the lines and copying the selection into a text file on your PC, so that you can apply the procedure correctly.
(Note: you will not have Internet access from the moment you restart in Safe Mode.)
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.
1) Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your Desktop.
Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).
Do not touch it for now.
2) Restart in Safe Mode
Look here first if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter].
You must choose your usual session, not the "Administrator" account or another one.
Open the text file saved on the Desktop so that you can follow the instructions properly.
3) SDFix
* Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
* Press Y to begin the cleaning process.
* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
4) Reports:
Post a new HijackThis report and the SDFix report in reply.
To be continued
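The two Run entries flagged in the post above use the names of Windows system processes (csrss.exe, services.exe) but point to C:\WINDOWS\img32 instead of the system directory. The following is an added example, not part of the thread or of HijackThis: it parses O4 lines and reports that name/location mismatch. The expected-location table, the function names and the default Windows directory are assumptions of this example.

```python
import ntpath
import re
from collections import namedtuple

# Lines copied from the HijackThis report quoted on this page (O4 = autostart entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumption of this example: where these Windows system images normally live,
# relative to the Windows directory ("" means the Windows directory itself).
EXPECTED_SUBDIR = {
    "csrss.exe": "system32", "services.exe": "system32", "smss.exe": "system32",
    "winlogon.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "userinit.exe": "system32", "ctfmon.exe": "system32",
    "explorer.exe": "",
}

# "O4 - <hive>[\<SID>]\..\Run*: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<value>[^\]]*)\] (?P<command>.+)$"
)
EXECUTABLE_END = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)(?=\s|$)", re.IGNORECASE)

Entry = namedtuple("Entry", "hive key value image")


def image_path(command):
    """Return the program part of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    match = EXECUTABLE_END.search(command)
    return command[:match.end()] if match else command.split()[0]


def parse_o4(line):
    """Parse one O4 registry Run line; return None for any other line."""
    match = O4_RUN.match(line.strip())
    if not match:
        return None
    return Entry(match["hive"], match["key"], match["value"],
                 image_path(match["command"]))


def is_masquerading(image, windir=r"C:\WINDOWS"):
    """True when a system process name is launched from an unexpected folder."""
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image)
    if name not in EXPECTED_SUBDIR or not directory:
        # Unknown name, or a bare name resolved through the search path:
        # this check cannot decide, so it stays silent.
        return False
    expected = ntpath.normpath(ntpath.join(windir, EXPECTED_SUBDIR[name]))
    actual = ntpath.normpath(directory)
    return ntpath.normcase(actual) != ntpath.normcase(expected)


def masquerading_entries(log_text, windir=r"C:\WINDOWS"):
    """Return the O4 entries of a HijackThis log that fail the location check."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and is_masquerading(entry.image, windir):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in masquerading_entries(SAMPLE_LOG):
        print(f"{hit.hive} {hit.key} [{hit.value}] -> {hit.image}")
```

A match is only a lead for the analyst: the file still has to be examined before anything is removed, and a clean result says nothing about entries outside the O4 section.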
No, I didn't do anything special, and to be honest everything was going rather well; I thought the problem was already solved, hehe.
MSNFix 1.722
C:\Documents and Settings\Dave Ouellet\Bureau\MSNFix
Fix exécuté le 2008-06-14 - 12:08:06,21 By Dave Ouellet
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\ehome\ehTray.exe
... C:\WINDOWS\system32\tmp.txt
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\ehome\ehTray.exe
.. OK ... C:\WINDOWS\system32\tmp.txt
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\ehome\ehTray.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-06-14_12165848.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
New HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:12, on 2008-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Prince of Persia Les Sables du Temps\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Tom Clancy's Rainbow Six Vegas.LNK = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Register\RegistrationReminder.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Here it is... it took longer than expected...
SDFix: Version 1.192
Run by Dave Ouellet on 2008-06-14 at 12:45
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting
Checking Files:
Trojan Files Found:
C:\Program Files\Accessories\Common\13 f‚vr 07 23_16_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_17_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_18_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_19_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_20_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_21_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_22_12 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_23_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_24_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_25_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_26_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_27_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_28_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_29_40 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_40_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_42_30 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_44_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_45_22 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_46_28 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_47_28 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_48_28 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_49_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_55_20 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_56_20 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_57_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_58_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_59_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 00_00_25 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_21_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_51_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_54_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_55_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_57_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_58_22 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_00_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_08_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_09_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_10_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_47_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_49_07 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_50_07 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_51_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_52_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_53_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_54_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_55_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_56_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_08_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_09_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_10_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_11_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_12_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_14_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_15_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_16_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_17_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_18_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_19_46 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_20_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_21_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_23_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\OnlineTime.txt - Deleted
C:\Program Files\Accessories\Common\WebsitesDetail.txt - Deleted
C:\Program Files\Accessories\Common\WebsitesSummary.txt - Deleted
C:\Program Files\dbar\basis.xml - Deleted
C:\Program Files\dbar\channel.tmpl - Deleted
C:\Program Files\dbar\content.tmpl - Deleted
C:\Program Files\dbar\date.tmpl - Deleted
C:\Program Files\dbar\deskbar.crc - Deleted
C:\Program Files\dbar\edit_rss.tmpl - Deleted
C:\Program Files\dbar\logo.bmp - Deleted
C:\Program Files\dbar\mbback.bmp - Deleted
C:\Program Files\dbar\mbbigopen.bmp - Deleted
C:\Program Files\dbar\mbclose.bmp - Deleted
C:\Program Files\dbar\mbfwd.bmp - Deleted
C:\Program Files\dbar\mblogo.bmp - Deleted
C:\Program Files\dbar\mbsep.bmp - Deleted
C:\Program Files\dbar\nav1.bmp - Deleted
C:\Program Files\dbar\nav2.bmp - Deleted
C:\Program Files\dbar\new_alert.tmpl - Deleted
C:\Program Files\dbar\version.txt - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
Folder C:\Documents and Settings\Dave Ouellet\Application Data\Deskbar_{1986015D-968B-4f72-828D-3033C771CE9E} - Removed
Folder C:\Program Files\Accessories\Common - Removed
Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\winvi - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 12:57:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0000586a
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="142.169.1.16 199.84.242.22"
"DhcpDomain"="globetrotter.net"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0520BC80-AC96-4473-B8D8-7B9CE8D14E9E}]
"LeaseObtainedTime"=dword:4853f808
"T1"=dword:4853f887
"T2"=dword:4853f8e7
"LeaseTerminatesTime"=dword:4853f907
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0520BC80-AC96-4473-B8D8-7B9CE8D14E9E}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4853f808
"T1"=dword:4853f887
"T2"=dword:4853f8e7
"LeaseTerminatesTime"=dword:4853f907
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Anno 1701\\Anno1701.exe"="C:\\Program Files\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\img32\\services.exe"="C:\\WINDOWS\\img32\\services.exe:*:Enabled:Transparent Proxy Server"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\FarStone\\Vdn\\VDNClient.exe"="C:\\Program Files\\FarStone\\Vdn\\VDNClient.exe:*:Enabled:VirtualDrive Network Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe
[b]SDFix: Version 1.192 [/b]
Run by Dave Ouellet on 2008-06-14 at 12:45
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\Dave Ouellet\Application Data\Deskbar_{1986015D-968B-4f72-828D-3033C771CE9E}\log.txt - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_52_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_53_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_54_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_55_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_56_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_57_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_58_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 19_59_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_00_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_01_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_02_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_03_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_04_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_05_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_06_59 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_08_05 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_09_05 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_10_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_11_42 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_12_42 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_13_42 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_14_43 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_15_46 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_16_46 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_17_47 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_18_51 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_20_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_21_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_22_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_23_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_24_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_25_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_28_51 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_29_51 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_33_07 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_35_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_36_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_37_16 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_38_44 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_39_44 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_40_44 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_41_44 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_42_45 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_44_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 20_55_05 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_00_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_16_47 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_18_03 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_19_49 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_20_49 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_26_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_35_01 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_36_06 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_37_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_38_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_40_12 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_41_18 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_44_19 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_45_19 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_46_19 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 21_47_45 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 22_45_51 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 23_14_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 23_18_19 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\12 f‚vr 07 23_20_16 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 12_51_17 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 12_54_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 12_55_40 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 12_58_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_18_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_32_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_33_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_34_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_35_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_36_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_37_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_38_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_39_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_40_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_41_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_42_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_43_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_44_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_45_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_46_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_47_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_48_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_50_41 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_51_41 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_53_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_54_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_55_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_56_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_57_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_58_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 13_59_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_07_42 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_08_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_09_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_10_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_11_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_12_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_13_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_14_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_15_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_16_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_17_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_18_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_19_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_20_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_21_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_22_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_23_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_24_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_25_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_26_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_27_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_28_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_29_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_30_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_31_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_32_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_33_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_34_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_35_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_36_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_37_54 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_38_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_39_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_40_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_41_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_42_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_43_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_44_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_45_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_46_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_47_55 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_48_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_49_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_50_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_51_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_52_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_53_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_54_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_55_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_56_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_57_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_58_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 16_59_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_00_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_01_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_02_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_03_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_04_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_05_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_06_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_07_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_08_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_09_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_10_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_11_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_12_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_13_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_14_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_16_33 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_17_33 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_18_33 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_19_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_20_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_21_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_22_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_23_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_24_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_25_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_26_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_27_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_28_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_29_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_30_37 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_31_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_32_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_33_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_34_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_35_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_36_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_37_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_38_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_39_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_40_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_41_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_42_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_43_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_44_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_45_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_46_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_47_40 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_48_40 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_49_47 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_51_19 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_52_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_54_13 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_56_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 17_57_50 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 18_40_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 18_44_14 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 18_45_14 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 18_46_49 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_05_49 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_15_05 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_21_17 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_22_33 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_23_33 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_24_33 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_25_34 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_26_34 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_30_19 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_34_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_35_46 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_40_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_43_47 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_47_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_48_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_55_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_56_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_57_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_58_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 22_59_32 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_01_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_02_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_03_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_04_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_05_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_06_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_07_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_08_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_09_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_10_10 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_11_10 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_12_10 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_13_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_14_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_15_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_16_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_17_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_18_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_19_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_20_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_21_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_22_12 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_23_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_24_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_25_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_26_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_27_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_28_39 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_29_40 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_40_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_42_30 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_44_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_45_22 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_46_28 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_47_28 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_48_28 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_49_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_55_20 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_56_20 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_57_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_58_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\13 f‚vr 07 23_59_21 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 00_00_25 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_21_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_51_29 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_54_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_55_00 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_57_11 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 07_58_22 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_00_38 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_08_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_09_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 08_10_15 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_47_36 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_49_07 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_50_07 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_51_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_52_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_53_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_54_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_55_08 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 11_56_09 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_08_56 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_09_57 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_10_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_11_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_12_58 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_14_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_15_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_16_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_17_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_18_35 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_19_46 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_20_52 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_21_53 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\14 f‚vr 07 12_23_04 Dave Ouellet .rna - Deleted
C:\Program Files\Accessories\Common\OnlineTime.txt - Deleted
C:\Program Files\Accessories\Common\WebsitesDetail.txt - Deleted
C:\Program Files\Accessories\Common\WebsitesSummary.txt - Deleted
C:\Program Files\dbar\basis.xml - Deleted
C:\Program Files\dbar\channel.tmpl - Deleted
C:\Program Files\dbar\content.tmpl - Deleted
C:\Program Files\dbar\date.tmpl - Deleted
C:\Program Files\dbar\deskbar.crc - Deleted
C:\Program Files\dbar\edit_rss.tmpl - Deleted
C:\Program Files\dbar\logo.bmp - Deleted
C:\Program Files\dbar\mbback.bmp - Deleted
C:\Program Files\dbar\mbbigopen.bmp - Deleted
C:\Program Files\dbar\mbclose.bmp - Deleted
C:\Program Files\dbar\mbfwd.bmp - Deleted
C:\Program Files\dbar\mblogo.bmp - Deleted
C:\Program Files\dbar\mbsep.bmp - Deleted
C:\Program Files\dbar\nav1.bmp - Deleted
C:\Program Files\dbar\nav2.bmp - Deleted
C:\Program Files\dbar\new_alert.tmpl - Deleted
C:\Program Files\dbar\version.txt - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
Folder C:\Documents and Settings\Dave Ouellet\Application Data\Deskbar_{1986015D-968B-4f72-828D-3033C771CE9E} - Removed
Folder C:\Program Files\Accessories\Common - Removed
Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\winvi - Removed
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 12:57:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0000586a
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:dc0bf112
"s2"=dword:2ba03205
"h0"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:3c,c4,35,25,70,54,4c,c8,56,95,77,6b,be,ae,6d,fb,a8,3b,9b,c0,f9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:eb,00,5d,90,30,9c,99,72,19,e7,aa,ff,5e,d9,67,d2,19,6b,10,aa,e0,..
"p0"="C:\Program Files\DAEMON Tools Pro\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,0c,71,83,a3,47,a1,8f,22,2c,a1,b8,08,10,2d,98,cc,02,..
"hdf12"=hex:b9,67,43,f1,35,a7,e4,8d,e3,6c,22,47,74,f2,27,c4,59,d6,26,81,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:05,39,db,e2,4d,32,4c,9f,b3,f1,58,01,fa,e7,27,5e,4a,ee,e4,f8,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:23,38,3b,4d,d6,a9,cc,c9,fb,e6,ad,e0,10,36,0e,37,f5,14,41,74,7b,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:f2,a5,54,17,3b,01,20,f8,4f,cc,04,58,e5,a6,04,6c,f2,f0,b6,60,9d,..
"a0"=hex:20,01,00,00,e9,e8,88,a2,67,35,f0,7e,c1,d2,a9,67,57,6c,fa,20,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:63,11,a3,91,20,49,6c,26,dc,35,f9,e6,a7,26,bb,11,3f,b4,19,3d,d9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:63,11,a3,91,20,49,6c,26,dc,35,f9,e6,a7,26,bb,11,3f,b4,19,3d,d9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:07,3a,b4,c0,03,09,f0,17,47,0d,bc,08,48,37,dc,af,30,d7,56,ec,12,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:07,3a,b4,c0,03,09,f0,17,47,0d,bc,08,48,37,dc,af,30,d7,56,ec,12,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="142.169.1.16 199.84.242.22"
"DhcpDomain"="globetrotter.net"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0520BC80-AC96-4473-B8D8-7B9CE8D14E9E}]
"LeaseObtainedTime"=dword:4853f808
"T1"=dword:4853f887
"T2"=dword:4853f8e7
"LeaseTerminatesTime"=dword:4853f907
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0520BC80-AC96-4473-B8D8-7B9CE8D14E9E}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4853f808
"T1"=dword:4853f887
"T2"=dword:4853f8e7
"LeaseTerminatesTime"=dword:4853f907
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Anno 1701\\Anno1701.exe"="C:\\Program Files\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\img32\\services.exe"="C:\\WINDOWS\\img32\\services.exe:*:Enabled:Transparent Proxy Server"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\FarStone\\Vdn\\VDNClient.exe"="C:\\Program Files\\FarStone\\Vdn\\VDNClient.exe:*:Enabled:VirtualDrive Network Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe
Here is the latest HijackThis log... the computer seems to be much faster right now...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:33, on 2008-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Prince of Persia Les Sables du Temps\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Tom Clancy's Rainbow Six Vegas.LNK = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Register\RegistrationReminder.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hello again
OK, let's continue:
To follow the procedure correctly, I advise you to save the page by selecting all the lines and then copying that selection into a text file on your PC, so that you can apply the procedure correctly.
You will not have Internet access from the moment you restart in safe mode.
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.
1) Download
Download OTMoveIt2 (by Old_Timer) to your Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Do not touch it for now.
2) HijackThis.
I advise you to save all the lines to be fixed and then copy that selection into a text file on your PC so that you can apply the procedure correctly.
Launch HijackThis by double-clicking its shortcut on the Desktop.
Click Scan Only and check the following lines:
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Mail] C:\WINDOWS\img32\csrss.exe
O4 - HKLM\..\Run: [Mail32] C:\WINDOWS\img32\services.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
Close all other windows and all other programs. No Internet connections.
Click Fix checked, then click OK.
Then close HijackThis.
If some lines are missing, report them at the end of the procedure.
3) OTMoveIt (by Old_Timer)
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt:
Paste standard List of Files/Folders to be moved.
C:\WINDOWS\img32\csrss.exe
C:\WINDOWS\img32\services.exe
C:\WINDOWS\img32
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
4) Reports
Restart your PC in normal mode, then post in your reply:
* The OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date and time)
* A new HijackThis report.
To be continued
The OTMoveIt report
File/Folder C:\WINDOWS\img32\csrss.exe not found.
File/Folder C:\WINDOWS\img32\services.exe not found.
C:\WINDOWS\img32 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_140937
A new HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:30, on 2008-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\WINDOWS\runservice.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Prince of Persia Les Sables du Temps\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Tom Clancy's Rainbow Six Vegas.LNK = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Register\RegistrationReminder.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe